Skip to main content

Remediation Steps

Follow the steps below to remediate this finding on Windows.

  1. Enable SMB signing via Group Policy to require it on all connections.

  2. Open Group Policy Management (gpmc.msc).

  3. Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.

  4. Enable the following policies:

    • Microsoft network client: Digitally sign communications (always) — set to Enabled
    • Microsoft network server: Digitally sign communications (always) — set to Enabled

  5. Apply the policy and force an update:

    gpupdate /force

  6. Alternatively, via PowerShell:

    Set-SmbServerConfiguration -RequireSecuritySignature $true -EnableSecuritySignature $true -Force
Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
Back to top